BitTorrent patches flaw that could amplify distributed denial-of-service attacks

Attackers could use the vulnerability to force BitTorrent applications to send malicious traffic

BitTorrent fixed a vulnerability that would have allowed attackers to hijack BitTorrent applications — used by hundreds of millions of users — in order to amplify distributed denial-of-service (DDoS) attacks.

The vulnerability was located in libuTP, a reference implementation of the Micro Transport Protocol (uTP) that’s used by many popular BitTorrent clients including uTorrent, Vuze, Transmission and the BitTorrent mainline client.

The flaw was disclosed earlier this month in a paper presented at the 9th USENIX Workshop on Offensive Technologies by four researchers from City University London, Mittelhessen University of Applied Sciences in Friedberg, Germany and cloud networking firm PLUMgrid.

DDoS amplification is an increasingly popular technique among attackers and can generate very large traffic volumes. It involves sending rogue requests to a large number of servers that appear to originate from the IP (Internet Protocol) address of a target chosen by attackers. This tricks those servers into sending their responses to the spoofed IP address instead of the original sender, flooding the victim with data packets.

The technique has the effect of hiding the source of the original traffic, which is known as reflection, but can also significantly amplify it if the generated responses are larger in size than the requests that triggered them.

This type of attack typically affects protocols that rely on the User Datagram Protocol (UDP) for data transmission, because UDP does not perform source address validation. In their paper, the four researchers showed that uTP is one such protocol.

They showed that an attacker could send a connection request with a spoofed address to a BitTorrent client, forcing it to send an acknowledgement (ACK) packet to the victim. The attacker could then send a second request with the same spoofed address and a random ACK number to initiate a BitTorrent handshake.

The BitTorrent client would accept this second request as well and would send a handshake response to the victim. However, since the victim would not expect the packet, it wouldn’t respond back, forcing the BitTorrent client to resend the data up to four times, amplifying the traffic that the attackers can generate.

In order to fix the issue, BitTorrent, the company that maintains libuTP, modified the library so that it properly verifies the ACK number accompanying the second request. If it doesn’t match the one sent to the victim in the first packet, it will drop the connection.

The change does not prevent DDoS reflection but kills the amplification effect.

It would be fairly difficult for an attacker to guess the acknowledgement number for a sufficiently large number of reflectors, a BitTorrent engineer said in a blog post Thursday that explains the fix in detail.
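The check described above, as an added illustration rather than libuTP's own code: a simplified C model of the receiving client that counts how many packets it emits toward the claimed source address, with and without verification of the ACK number on the second request. The struct, the function names and the sample numbers are assumptions of this sketch; the resend limit of four is the figure given in the article.

```c
#include <stdint.h>
#include <stdio.h>

#define MAX_RESENDS 4   /* "up to four times", per the article */

enum conn_state { CS_IDLE, CS_SYN_RECV, CS_CONNECTED, CS_DROPPED };

/* Hypothetical per-connection state kept by the receiving client. */
struct conn {
    enum conn_state state;
    uint16_t reply_seq;     /* number the client put in its reply to the first packet */
    unsigned pkts_to_src;   /* packets emitted toward the claimed source address */
};

/* First packet: connection request. The client answers with one ACK,
 * addressed to whatever source address the request claimed. */
static void on_connect_request(struct conn *c, uint16_t chosen_seq)
{
    c->state = CS_SYN_RECV;
    c->reply_seq = chosen_seq;
    c->pkts_to_src = 1;
}

/* Second packet: request that starts the BitTorrent handshake.
 * verify_ack = 0 models the old behaviour (any ACK number accepted);
 * verify_ack = 1 models the fix (ACK number must match the reply).
 * Returns the number of packets emitted in response, assuming the
 * worst case where the claimed source never answers. */
static unsigned on_handshake_request(struct conn *c, uint16_t ack_nr, int verify_ack)
{
    if (c->state != CS_SYN_RECV)
        return 0;

    if (verify_ack && ack_nr != c->reply_seq) {
        /* The sender never saw our reply, so it cannot be at the
         * address it claims. Drop the connection, send nothing. */
        c->state = CS_DROPPED;
        return 0;
    }

    c->state = CS_CONNECTED;
    unsigned sent = 1 + MAX_RESENDS;   /* handshake response plus resends */
    c->pkts_to_src += sent;
    return sent;
}

/* Total packets the client sends toward the claimed source for one
 * two-packet exchange. */
static unsigned packets_reflected(uint16_t chosen_seq, uint16_t ack_nr, int verify_ack)
{
    struct conn c = { CS_IDLE, 0, 0 };
    on_connect_request(&c, chosen_seq);
    on_handshake_request(&c, ack_nr, verify_ack);
    return c.pkts_to_src;
}

int main(void)
{
    /* Constructed sample values: the client chose 0x1234; the second
     * packet carries an unrelated ACK number, as a sender that never
     * received the reply would. */
    uint16_t chosen = 0x1234, blind = 0xBEEF;

    printf("no verification, mismatched ACK: %u packets out for 2 in\n",
           packets_reflected(chosen, blind, 0));
    printf("verification,    mismatched ACK: %u packet out for 2 in\n",
           packets_reflected(chosen, blind, 1));
    printf("verification,    matching ACK:   %u packets (peer really saw the reply)\n",
           packets_reflected(chosen, chosen, 1));
    return 0;
}
```

With verification on, a sender that never saw the reply still causes the single first ACK to be reflected, but the client sends fewer packets than it received, which is the article's point that reflection remains while amplification does not.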

The latest versions of uTorrent, BitTorrent mainline and BitTorrent Sync, which are developed by the company, have included the fix since Aug. 4.

The change does not affect backwards compatibility with older versions of those applications nor with third-party BitTorrent clients that use libuTP, a BitTorrent engineer said via email. “Nonetheless, we encourage other developers to ensure their implementations properly enforce acknowledgment number sequencing.”

Other protocols designed by the company that rely on libuTP, like the Message Stream Encryption (MSE), are also protected.


 


IDF 2015’s coolest demos

Every year at the Intel Developer Forum Intel and its partners showcase the latest technology with some outstanding exhibits. These are the best of what we found.

The best of Intel Developer Forum 2015
Each year, Intel holds its Developer Forum to lead the PC industry into the direction Intel wants it to go: powerful new PCs, connected devices, touchscreens, and the like.

Well, a bunch of stale PowerPoint foils won’t do the job. So Intel and its partners seed IDF with some amazing, awe-inspiring demos, all in a bid to get the developer community behind this year’s technological focus. What sort of demos, you ask? We have some of the best in the following pages.

SPIDER!
This little beauty graced Intel chief executive Brian Krzanich’s keynote, along with its smaller cousins right behind it. Intel believes its future is in the Internet of Things, and this spider robot is powered by embedded Intel chips.

Intel’s WiGig “wire-free future”
Part of Intel’s Skylake vision is a “wire-free” PC: connected by Wi-Fi, charged by Rezence wireless charging, with images sent to a monitor either by WiGig or WiDi.

What’s the difference? What can WiGig do that WiDi can’t?
In Intel’s world, WiDi is designed for the living room, while WiGig is a high-bandwidth connection for your office. In a demonstration, a Dell notebook seamlessly connected to a WiGig dongle attached to an HP NUC. The connection held while the executive walked the notebook about 40 feet away. When he returned, the notebook seamlessly reconnected.

Rezence Wireless Power
What do the guts of a Rezence wireless charging pad look like? Well, this.

Unlike Qi, Intel says that a Rezence pad can be mounted underneath a desk, transmitting power through an inch or two of wood. While you don’t have to align a notebook perfectly to charge it, you do have to get it pretty close, at least according to the demo I saw.

Intel WiDi
Not to be outdone, Intel also had a Wireless Display (WiDi) exhibit in its booth, with a tablet running a custom app that the company developed. Next year, WiDi will support 4K via Miracast.

The problem with WiDi has been latency—meaning that it works best with streaming video. It’s not perfect; there still were a few hiccups in places. But unlike past generations, the new WiDi technology compresses the video on the tablet, then sends it over the wireless link. The demonstration also took place on a show floor, which isn’t an ideal place to demonstrate new technology.

Fallout PC
During Intel’s gaming PC session, the company presented a showcase of custom case designs, all housing a Skylake CPU inside. This Fallout-themed mod was one of our favorites.

Lego PC
Computer builder Mike Schropp built this PC entirely out of Legos—not the only PC modder at IDF to attempt this, by the way.

Compact PC
Intel had a collection of small, compact PCs in its booth, most using passive cooling in place of a fan. Note the massive antennas emerging from the back, to provide better wireless reception.

A Nexus Q?
Is this the Google Nexus Q, back from the dead? Nope! Just another compact PC.

Food Network Gesture Recipes
Who knew? If you visit the Food Network’s Web site, which has been optimized for the Intel RealSense camera, you can scroll hands-free without needing to touch the screen. That’s great when your hands are all gloppy after mashing avocados.

(Be warned, however—you have to download a massive SDK package to enable this on your PC.)

Core i7 Extreme Edition
It wouldn’t be an Intel Developer Forum without a Core i7 Extreme Edition playing a 4K version of the indie hit, Rocket League.

Intel True Key
One of the benefits of buying a PC with an Intel RealSense camera installed (to enable Windows Hello) is that you can sign up for Intel True Key, a free service from Intel’s McAfee security division. Like Hello, True Key lets you unlock your PC using facial recognition.

Both Windows Hello and True Key also use your face as your identification around the Web. But Hello’s related Passport technology doesn’t send a password to sites like Facebook; True Key does. Or, to be more specific, True Key uses a password generator to output a complex password to your bank or Web site, then sends it after your facial identification gives it the go-ahead.

Intel True Key 2
If you don’t regularly use the computer or tablet, True Key will ask you for a second form of authentication, sending you a code to your phone to serve as an additional means of security.

Thunderbolt 3
For the first time, the Thunderbolt technology finally seems useful. Not only does it run at a whopping 40Gbps, but it will share a connector with USB-C. Look for USB-C/Thunderbolt to share connectors on more PCs going forward.

Aleutia Copper-Coated PC
Aleutia manufactures fanless PCs, the latest of which is shown here. And yes, that copper-looking core is indeed copper, an excellent thermal conductor that, incidentally, is selling for its lowest price in ten years. These fanless PCs are being sent to Africa, where they’re designed to serve as rugged low-cost PCs for the Third World.

Skylake Tower
Intel also had a pair of desktop systems running Skylake, including this NZXT PC with 6th-generation Core i7 inside, on top of an ASRock Z170 Extreme 7+ motherboard.

Skylake Data
Right next to the tower was a similar Skylake system, but running the CPU-Z freeware utility, to show what was inside.

Intel RealSense smart mirror
Intel had several exhibits showing off the power of its RealSense camera, including this “smart mirror” that projected an overlay over the image of the viewer.

Savioke RealSense Robot
This robot from Savioke is designed to roam through a hotel or a conference center, dodging crowds in its quest to bring a user a cold drink, a toothbrush, or some other sundry object that it can put in its hopper. It uses the Intel RealSense camera to navigate.

It’s a Shark Camera!
Because it makes sense to put a camera in an inflatable, fan-propelled shark. Naturally.

Lego Future Lab, and RealSense
The Lego Future Lab showed off a cool prototype game where a user could scan in some household objects, then the software would “Lego-ify” them. A minifig could then roam around… this cat statue thing.

Miniature Battlebots
No, there weren’t any chopping blades or flamethrowers. But if you wanted to try your hand at flipping a rival robot over, this was the place to come.

Intel Greenhouse
In Intel’s world of the Internet of Things, an ecosystem of sensors connects to Intel’s Curie embedded processor. In this case, sensors inside the greenhouse help determine whether the fan needs to run to cool the interior.

Gah! More Intel spiderbots!
One of Brian Krzanich’s more esoteric powers is the ability to control spiders—robot spiders, that is. During the keynote, he wore a special bracelet that the spiders were keyed to—when Krzanich lifted his arm, the spiders responded. These little guys were crawling around a special pen in the lobby.

Skylake supports 12K! (’cause 4K x 3 = 12K right?)
Intel’s new Skylake processor takes the multipanel display properties to new heights. What you’re seeing here is three 4K displays running off a single Core i7-6700K chip. The two UHD 4K panels on the left are being run off of DisplayPort 1.2 while the UHD 4K panel on the right is running on HDMI 1.4 at 30Hz. Skylake is capable of driving all three streams at 60Hz, but the motherboard the demo was running on didn’t have the ports to support it. And no, it’s not really technically 12K, but that’s what everyone will call it.

USB-C in the house
It’s true, it’ll soon be time to junk all those micro-USB cables. This nifty AFT card reader is USB-C based and has two USB 3 ports on front too.

Skylake can push 4K raw video, too…
Skylake features fixed-function 4K processing support, and in this demo, a Core i7-6700K is playing a 4K RAW video file from a Canon camera without dropping frames and with minimal CPU load.

Image courtesy Gordon Mah Ung
We shot the computer’s task manager as it played a 4K resolution RAW video on Intel’s new Skylake Core i7-6700K CPU. CPU utilization was usually 5 to 7 percent or lower. By comparison, a machine next to it playing the same video without using the new Skylake 4K fixed-function units to help continually dropped frames, and used 70 to 80 percent of the CPU cycles just to play the file. Another interesting thing to note: This 4K RAW video file is pushing nearly 500MB/s off the SSD. That’s a lot of data being read.

RealSense in a phone!?
Already in super thin tablets, Intel showed off a reference design phone with a RealSense camera integrated into it. The phone shown here is being used to scan some 3D objects…

Why buy toys when you can scan them?
…and here’s the finished product. After moving the phone around the toys and scanning them with the RealSense camera, the phone was able to create a 3D scene that could be rotated and zoomed in and out.

Need for speed?
AFTech’s Blackb1rd lets you run two standard SATA drives in RAID over its USB 3.1 USB-C connection. By our estimates, that’ll use all of USB 3.1’s 10Gbps throughput if the controller in this cabinet and the motherboard can hit the full speed. In other words, we need more speed already. Thunderbolt 3, perhaps?
 


Silicon Valley’s ‘pressure cooker:’ Thrive or get out

Spotlight may be on Amazon, but tech jobs are high profit and high stress

It’s true. People working in Silicon Valley may cry at their desks, may be expected to respond to emails in the middle of the night and be in the office when they’d rather be sick in bed.

But that’s the price employees pay to work for some of the most successful and innovative tech companies in the world, according to industry analysts.

“It’s a pressure cooker for tech workers,” said Bill Reynolds, research director for Foote Partners LLC, an IT workforce research firm. “But for every disgruntled employee, someone will tell you it’s fine. This is the ticket to working in this area and they’re willing to pay it.”

The tech industry has been like this for years, he added.
Employees are either Type A personalities who thrive on the pressure, would rather focus on a project than get a full night’s sleep and don’t mind pushing or being pushed.

If that’s not who they are, they should get another job and probably in another industry.

“A lot of tech companies failed, and the ones that made it, made it based on a driven culture. No one made it working 9 to 5,” said John Challenger, CEO of Challenger, Gray & Christmas, an executive outplacement firm. “Silicon Valley has been the vanguard of this type of work culture. It can get out of control. It can be too much and people can burn out. But it’s who these companies are.”

Work culture at tech companies, specifically at Amazon, hit the spotlight earlier this week when the New York Times ran a story on the online retailer and what it called its “bruising workplace.”

The story talked about employees crying at their desks, working 80-plus-hour weeks and being expected to work when they’re not well or after a family tragedy.

“At Amazon, workers are encouraged to tear apart one another’s ideas in meetings, toil long and late (emails arrive past midnight, followed by text messages asking why they were not answered), and held to standards that the company boasts are ‘unreasonably high,’” the article noted.

In response, Amazon.com CEO Jeff Bezos sent a memo to employees saying he didn’t recognize the company described in the Times article.

“The article doesn’t describe the Amazon I know or the caring Amazonians I work with every day,” Bezos wrote. “More broadly, I don’t think any company adopting the approach portrayed could survive, much less thrive, in today’s highly competitive tech hiring market.”

Bezos hasn’t been the only one at Amazon to respond. Nick Ciubotariu, head of Infrastructure development at Amazon.com, wrote a piece on LinkedIn, taking on the Times article.

“During my 18 months at Amazon, I’ve never worked a single weekend when I didn’t want to. No one tells me to work nights,” he wrote. “We work hard, and have fun. We have Nerf wars, almost daily, that often get a bit out of hand. We go out after work. We have ‘Fun Fridays.’ We banter, argue, play video games and Foosball. And we’re vocal about our employee happiness.”

Amazon has high expectations of its workers because it’s one of the largest and most successful companies in the world, according to industry analysts.

The company, which started as an online book store, now sells everything from cosmetics to bicycles and toasters. With a valuation of $250 billion, Amazon even surpassed mega retailer Walmart this summer as the biggest retailer in the U.S.

With that kind of success comes a lot of pressure to stay on top and to come up with new, innovative ways to keep customers happy.

That kind of challenge can lead to a stressful workplace where employees are called on to work long hours and to outwork competitors’ own employees.

It’s just the way of the beast, according to Victor Janulaitis, CEO of Janco Associates Inc., a management consulting firm.

“If you go to work for a high-powered company where you have a chance of being a millionaire in a few years, you are going to work 70 to 80 hours a week,” he said. “You are going to have to be right all the time and you are going to be under a lot of stress. Your regular Joe is really going to struggle there.”

This kind of work stress isn’t relegated to Amazon alone. Far from it, Janulaitis said.

“I think it’s fairly widespread in any tech company that is successful,” he noted. “It’s just a very stressful environment. You’re dealing with a lot of money and a lot of Type A personalities who want to get things done. If you’re not a certain type of person, you’re not going to make it. It’s much like the Wild West. They have their own rules.”

Of course, tech companies, whether Amazon, Google, Apple or Facebook, are known to work people hard, going back to the days when IBM was launching its first PCs and Microsoft was making its Office software ubiquitous around the world.

However, tech companies also are known for giving their employees perks that people working in other industries only dream of.

Google, for instance, has world-class chefs cooking free food for its employees, while also setting up nap pods, meditation classes and sandy volleyball courts.

Netflix recently made global headlines for offering mothers and fathers unlimited time off for up to a year after the birth or adoption of a child.

It’s the yin and yang of Silicon Valley, said Megan Slabinski, district president of Robert Half Technology, a human resources consulting firm.

“All those perks – the ping pong tables, the free snacks, the free day care — that started in the tech industry come with the job because the job is so demanding,” she said. “There’s a level of demand in the tech industry that translates to the work environment.”

When asked if Amazon is any harder on its employees than other major tech companies, Slabinski laughed.

“Amazon isn’t different culturally from other IT companies,” she said. “I’ve been doing this for 16 years. You see the good, the bad and the ugly. If you are working for tech companies, the expectation is you are going to work really hard. This is bleeding-edge technology, and the trade-off is there’s less work-life balance. The people who thrive in this industry, thrive on being on the bleeding edge. If you can’t take it, you go into another industry.”

Janulaitis noted that top-tier employees are always chased by other companies, but middle-tier workers – those who are doing a good job but might not be the brightest stars of the workforce – are hunkering down and staying put.

Fears of a still jittery job market have convinced a lot of people to keep their heads down, put up with whatever their managers ask of them and continue to be able to pay their mortgages, especially if they live in pricey Silicon Valley.

That, said Janulaitis, makes companies more apt to ask even more from their employees, who know they’re likely stuck where they are for now.

“Once the job market changes, turnover will increase significantly in the IT field,” he said.

Like stock traders working under extreme pressure on Wall Street or medical interns working 36-hour shifts, the tech industry is a high-stress environment – one that’s not suited to every worker.

“If you can’t live with that pressure, you should go somewhere else,” said Reynolds. “For people in Silicon Valley, it’s who they are. It’s the kind of person they are.”


 


Top 10 technology schools

Interested in going to one of the best colleges or universities to study technology? Here are the top 10 schools known for their computer science and engineering programs.

Top technology schools
Every year, Money releases its rankings of every college and university in the U.S., and not surprisingly, a number of those top schools are leaders in the tech space. Here are the top 10 technology schools, according to Money’s most recent survey of the best colleges in America.

Stanford University
First on the list for not only technology colleges, but all colleges, Stanford University has an impressive 96 percent graduation rate. The average price for a degree is $178,731 and students earn, on average, $64,400 per year upon graduation. Stanford’s global engineering program allows its 4,850 students to travel around the globe while studying engineering. There are nine departments in the engineering program: aeronautics and astronautics, bioengineering, chemical engineering, civil and environmental engineering, computer science, electrical engineering, management science and engineering, materials science and engineering, and mechanical engineering.

Massachusetts Institute of Technology
The Massachusetts Institute of Technology, located in Cambridge, Mass., is the second best technology school in the country, with a 93 percent graduation rate. The average net price of a degree comes in at $166,855, but students can expect an average starting salary of $72,500 per year after graduating. As one of the top engineering schools, it’s ranked number 1 for chemical, aerospace/aeronautical, computer and electrical engineering. The top employers for the 57 percent of graduates that enter the workforce immediately include companies like Google, Amazon, Goldman Sachs and ExxonMobil. Another 32 percent of students, however, go on to pursue a higher degree.

California Institute of Technology
Located in Pasadena, Calif., the California Institute of Technology has a graduation rate of 93 percent. The average cost of a degree is $186,122, and students earn an average starting salary of $72,300. CalTech, as it’s often called, has departments in aerospace, applied physics and materials studies, computing and mathematical sciences, electrical engineering, environmental science and engineering, mechanical and civil engineering, and medical engineering. The prestigious college is also home to 31 recipients of the Nobel Peace Prize.

Harvey Mudd College
Harvey Mudd College in Claremont, Calif., has a strong technology program, putting it at number 4 on the list of top technology schools. The cost of tuition is also one of the highest on this list, at $196,551 for a degree. Graduates of Harvey Mudd earn an average of $76,400 early on in their careers and the graduation rate is 91 percent. The engineering program at Harvey Mudd College focuses on helping students apply their skills to real world situations. Students can get professional experience and help solve design problems outside of the classroom through an engineering clinic.

Harvard University
Harvard University, located in Cambridge, Mass., technically ties with Harvey Mudd for top technology schools, and top overall colleges. The graduation rate is 97 percent and the average price of a degree is $187,763, while graduates earn an average annual salary of $60,000 when starting their careers. In the John A. Paulson School of Engineering and Applied Sciences at Harvard, which goes back as far as 1847, undergraduate students can study applied mathematics, biomedical engineering, computer science, electrical engineering, engineering sciences and mechanical engineering.

University of California at Berkeley
The University of California at Berkeley has a graduation rate of 91 percent, and students can get a degree for around $133,549. After graduation, the average salary for students starting out their careers is $58,300 per year. The electrical engineering and computer science division of the University of California at Berkeley has around 2,000 undergraduate students and is the largest department within the university.

University of Pennsylvania
University of Pennsylvania, located in Philadelphia, Penn., has a graduation rate of 96 percent and the average cost of a degree is $194,148. Students graduating from Penn and starting out their careers earn an average annual starting salary of $59,200. The Penn engineering department focuses on computer and information science. Students can study computer science, computer engineering, digital media design, networked and social systems engineering, computational biology as well as computer and cognitive science.

Rice University
Located in Houston, Rice University has a graduation rate of 91 percent and the average cost of a degree is $157,824. Upon graduation, the average starting salary for students comes in at $61,200 per year. Rice University has a Department of Computer Science where students can work in faculty research programs and describes the perfect computer science student as a “mathematician seeking adventure,” a quote from system architect Bob Barton. In the electrical and computer engineering department, students can prepare for a career in oil and gas, wearables, entertainment, renewable energy, gaming, healthcare, space industry, security and aviation.

Brigham Young University-Provo
Brigham Young University-Provo, located in Provo, Utah, has a graduation rate of 78 percent, but students won’t have as many loans as other colleges on this list. The average price of a degree is a moderate $80,988 and the average starting salary for graduates is around $51,600 per year. Brigham Young University-Provo offers degrees in electrical engineering, computer engineering and computer science. With a wide array of programs to choose from in each degree, Brigham Young University-Provo boasts a rigorous course load with an emphasis on gaining practical skills for the workforce.

Texas A&M University
College Station, Texas, is home to Texas A&M University where 79 percent of students graduate and the average cost of a degree is $84,732. Students can expect to earn an average starting salary of $54,000 per year after graduation. The Texas A&M computer science and engineering program boasts an “open, accepting, and compassionate community that encourages the exploration of ideas.” Students should expect to leave the program prepared to help solve real-world challenges in the technology industry through applied research.


 


How to prepare for and respond to a cyber attack

Cybercriminals are constantly looking for new ways to bypass security measures. In a survey conducted by the SANS Institute on the behalf of Guidance Software, 56% of respondents assumed they have been breached or will be soon, compared with 47% last year.

Assistant United States Attorney and Cybercrime Coordinator with the U.S. Attorney’s Office in the District of Delaware Ed McAndrew, and Guidance Software Director of Security Anthony Di Bello, have compiled best practices for preparing and responding to a cyber attack and working with law enforcement:

* Have an incident response plan – Creating established and actionable plans and procedures for managing and responding to a cyber intrusion can help organizations limit the damage to their computer networks and minimize work stoppage. It also helps law enforcement locate and apprehend the perpetrators.

* Identify key assets – It may be cost prohibitive to protect the entire enterprise. Before creating a cyber incident plan, an organization should determine which of its data, assets and services warrant the most protection. The Cybersecurity Framework produced by the National Institute of Standards and Technology (NIST) provides excellent guidance on risk management planning and policies and merits consideration.

* Make an initial assessment of the threat – Once an attack or breach is identified, it’s critical to assess the nature and scope of the incident. It is also important to determine whether the incident was a malicious act or a technological glitch. The nature of the incident will determine what kind of assistance the organization will need and what type of damage and remedial efforts may be required.

* Engage with law enforcement before an attack – Having a pre-existing relationship with federal law enforcement officials can help facilitate any interaction relating to a breach. It will also help establish a trusted relationship that cultivates bi-directional information sharing that is beneficial to both the organization and law enforcement.

* Have a post-attack plan of action – Establish procedures addressing what steps you need to take after an attack. This includes identifying who is responsible for different elements of an organization’s cyber incident response, having the ability to contact critical personnel at all times, knowing what mission critical data, networks or services should be prioritized for the greatest protection and how to preserve data related to the incident in a forensically sound manner.

* Capture the extent of the damage – Ideally, the victim of a cyber attack will make a forensic image of the affected computers as soon as the incident is detected. Doing so preserves a record of the system for analysis and potentially for use as evidence at a trial. Organizations should restrict access to these materials in order to maintain the integrity of the copy’s authenticity. Safeguard these materials from unidentified malicious insiders and establish a chain of custody.

* Take steps to minimize additional damage – To prevent an attack from spreading, you must take steps to stop ongoing traffic caused by the perpetrator. Preventative measures include: rerouting network traffic, filtering or blocking a Distributed Denial of Service attack or isolating all or parts of the compromised network.

* Keep detailed records – Take immediate steps to preserve relevant existing logs. All personnel participating in the incident response should keep an ongoing, written record of the steps taken to respond to and mitigate an incident and any costs incurred as a result of the attack. They should record all incident-related communications, the identity of the systems, accounts, services, data and network affected by the incident and information relating to the amount and type of damage inflicted.

* Notify law enforcement – Many companies have been reluctant to contact law enforcement following a cyber incident due to concerns that a criminal investigation might disrupt their business. However, the FBI and U.S. Secret Service cause as little disruption to an organization’s normal operations as possible. These agencies will also attempt to coordinate statements to the news media concerning the incident, ensuring that information harmful to a company’s interests is not disclosed.

* Work with law enforcement to contact other potential victims – Contacting other potential victims through law enforcement is preferable to contacting them directly. Doing so protects the initial victim from potentially unnecessary exposure and allows law enforcement to conduct further investigations, which may uncover additional victims.

* Stay informed about threats – An organization’s awareness of new or commonly exploited vulnerabilities can help it prioritize its security measures. There are organizations that share real-time intelligence on threats. For example, Information Sharing and Analysis Centers, which analyze cyber threat information, have been created in each sector of the critical infrastructure. Some centers also provide cybersecurity services.



8 free sites that teach you how to program


Want to learn to code, but aren’t interested in paying pricey fees? Here are eight great websites that will teach you how to program — on your own time, from the comfort of your own home and for free.

Free sites that teach you how to program
If you’re interested in coding or want to make a career change, you don’t need to enroll in an expensive undergraduate or graduate program. You can learn for free, on your own time and from the comfort of your home.

It’s a great opportunity to get into a new line of work that has an increasing demand. To help get you started on your programming journey, we’ve compiled this list of websites where you can learn to code for free.

Code Academy
Developed in 2011, the main focus of Code Academy is to teach you how to code so that you can transform your career. It features a number of success stories from individuals who knew little to nothing about coding and went on to have fruitful careers as programmers. Code Academy covers a lot of ground, including how to make interactive websites. You can take courses in Rails, AngularJS, Rails Auth, The Command Line, HTML & CSS, JavaScript, jQuery, PHP, Python and Ruby. They are constantly adding new programs as well, so if nothing piques your interest now, you can always check back in a few months to see what they have added to their course load.

The courses on Code Academy are free and it has become a well-known and respected resource for anyone yearning to learn how to code. You can get started by creating a free account and browsing the tutorials, forums and sandboxes, where you can test out your code. On the flip side, if you are an expert in a particular language, you can actually publish your own course on the website for others to learn.

Khan Academy
Khan Academy offers more than just programming – its tagline is, “you can learn anything.” In addition to math, science, history, art and economics, just to name a few, you can also learn computer programming. It’s taken seriously in the education world, with institutions such as NASA and MIT partnering to bring more courses to Khan Academy.

Once you select a course, it guides you through a series of exercises, videos, games and more to help you master the skills you need. The computer programming course includes drawing and animation, SQL, HTML/CSS, JavaScript and more. It’s a completely free service, with courses in about 40 different languages. The creators state that it will always remain free, ad-free, and not-for-profit.

TheCodePlayer
TheCodePlayer might be better-suited for those who have at least a basic knowledge of coding, but it offers a unique option for learning HTML5, CSS3 and JavaScript. You can log on and see someone make a program from scratch, and watch as they work through the process themselves. It’s a different tactic compared to similar sites that offer more traditional courses with tutorials, exercises and videos.

Once you choose a walkthrough, you can toggle the settings to make it go faster or slower, depending on your needs. You can also pause the tutorials, as well as toggle between HTML5, CSS and JavaScript. Most of the tutorials are free, and if you sign up with your email, you can unlock more walkthroughs and tutorials on the site.

Code School Website
Code School wants you to “learn to code by doing,” which means you will be thrown into hands-on exercises. It’s great for anyone who learns best by doing — and making mistakes — rather than learning the content and then trying to apply it to real-world situations. There are different “paths” you can choose from, including the Ruby Path, JavaScript Path, HTML/CSS Path, iOS Path and Git Path. There is also an Electives Path, which focuses more on development strategies.

The courses are meant to be fun and are designed similar to a game with a storyline, to help keep you invested in the coursework. The introductory courses are typically free, but to go beyond the free courses, you will need to opt into a monthly subscription fee of $29, or a yearly fee of $290.

HTML5 Rocks
HTML5 Rocks is a project from Google, so if you want to learn HTML5 from the kings of technology, this might be the option for you. The new standard in Web development, HTML5, is a valuable language to add to your coding repertoire. Whether your focus is mobile, gaming or business, there is a course that will suit your needs on HTML5 Rocks.

You can search through tutorials, check out the latest additions and browse through a number of resources to help you get started. The resources section includes books, demos, tutorials, videos and more to enhance your learning experience. The site is free, which means no subscription fees or locked content, so you can get started immediately.

Programmr
Programmr is another great resource if you learn best by doing. While beginners can head to Programmr to learn, experienced and seasoned programmers can check out Programmr to practice their skills and enter competitions. The site offers coding simulators, so you can write your code and test mobile, databases, Web and rich media apps right in your browser.

The courses on Programmr take you through the material step by step with hands-on coding practice and, best of all, they’re free. It’s a great option for those who have a basic knowledge of different programming languages, but want to hone their skills even further or pick up a new language. You can even get certified as a specialist in Java, C++, C#, Python and PHP through your progress in Programmr courses.

Code Avengers
If you want to build Web pages, apps or games, Code Avengers is a great resource to learn the skills you need. Designed for beginners, or those with some limited experience, each course takes only 12 hours to complete. As you learn, you can create apps, games and even websites, taking you beyond simply reading information to using your new skills in practical applications.

The introduction courses are all free, but to go beyond the intro, you will have to pay a fee. Level 1 courses are $29, which is the next step from the introduction level, and Level 2 courses are $39, but “lifetime access” to all seven courses is a one-time fee of $146. You can give the free introduction a shot to see if you’re interested in learning that language, with no strings attached. Courses include JavaScript, HTML5 & CSS3, and Python 3.

MIT Open Courseware
Want an MIT education, without all the loans? You can get pretty close with MIT Open Courseware, a free educational service from the Cambridge, Mass.-based university. The university recently decided to make its course materials available online so that anyone can take part in the classes, even if they can’t go to the university. The site offers materials from 2,260 courses and serves educators, students, and self-learners alike.

You can search courses by topic, and you’ll find programming languages under the Computer Science sub-topic within the Engineering topic. Scroll through the undergraduate and graduate course offerings and you’ll find courses on C++, Java, graphics, animation, computer science fundamentals and much more.

W3 Schools
W3 Schools is one of the most popular sites for Web developers, pulling in 40 million visits a month. They also offer a YouTube channel where you can view different videos on CSS; you can even ask questions in the comments, and chances are they will answer you. W3 Schools focuses on HTML/CSS, JavaScript, HTML Graphics, Server Side, Web Building and XML Tutorials. Everything you could want to know about coding a website is most likely on W3 Schools. It’s a great resource for newbies as well as veterans looking to brush up on their skills.

Within tutorials, you can also find code examples that you can manipulate and test in the browser to see if you have the right commands in place. The site is free and it’s easy to navigate to find the content you’re looking for. There is also a W3Schools Certification Program that lets you study in your own time and you can complete the program in a matter of a few weeks. Certificates include HTML, HTML5, CSS, JavaScript, jQuery, PHP, Bootstrap and XML. Each certificate will cost you $95.


 


Symantec: Well-heeled hacking group Black Vine behind Anthem breach

A group has been singled out as the attacker behind the recently disclosed hack against Anthem, believed to be the largest waged against a health care company.

It was Black Vine that broke into the health insurer’s systems and stole more than 80 million patient records, Symantec said Tuesday in a report.

For Black Vine, it was the latest in a long line of hacks that began in 2012. Black Vine has gone after other businesses that deal with sensitive and critical data, including organizations in the aerospace, technology and finance industries, according to Symantec. The majority of the attacks (82 percent) were waged against U.S. businesses.

Black Vine has deep pockets, giving the group the resources to customize malware, and uses zero-day vulnerabilities in Microsoft Internet Explorer to launch watering-hole attacks. The IE exploits were used to install malware that gave Black Vine remote access to a victim’s computer. To evade detection, Black Vine frequently updates its malware, according to Symantec.

The three modified malware strains Black Vine uses are Sakurel and Hurix, which are detected as Backdoor.Mivast, and Mivast, which is detected as Trojan.Sakurel.

Symantec claimed some Black Vine members have ties to Topsec, a Chinese IT security company, and the group has access to the Elderwood framework, a platform for distributing new zero-day vulnerabilities. During its research, Symantec discovered Black Vine began using exploits around the same time as other hacking groups. Each group delivered different malware and went after certain organizations, but the fact that they used the same exploit suggests the attackers relied on the same distribution network.

One of the group’s first attacks came in December 2012 against gas turbine manufacturer Capstone Turbine, Symantec said. That hack used the IE exploit CVE-2012-4792 and delivered the Sakurel malware. Symantec noted that the malware was signed with a digital certificate attributed to a company called Micro Digital, fooling Windows into believing the program was legitimate.

That same month, another unnamed turbine power manufacturer was attacked using Sakurel, leading Symantec to believe Black Vine was going after businesses in the energy industry.

In 2013 and 2014, Black Vine targeted companies in the aviation and aerospace industries. One third-party blog cited by Symantec noted that in 2013 specific employees at a global airline were sent spear phishing emails containing a URL that instructed them to download Hurix.

Black Vine compromised the website of a European aerospace company in 2014, accessing the company’s domain and using it to attack the site’s visitors. To carry out this attack, Black Vine used the IE vulnerability CVE-2014-0322 and installed an updated version of Sakurel on a victim’s computer.

The Black Vine malware Mivast was used in the Anthem breach, according to Symantec. Anthem said the hack likely began in May 2014, but that it didn’t realize its systems had been compromised until January. The company, which is one of the largest health insurance providers in the U.S., disclosed the breach in February. Hackers made off with personal data including names, birth dates, member ID numbers and Social Security numbers. Like the Capstone Turbine attack, the Mivast malware was signed with a fake digital certificate.

Symantec reckons spear phishing emails were used to deliver the malware since evidence of a watering hole attack wasn’t reported. Anthem’s IT staff was probably the attack’s intended target, given that the malware was concealed as software related to technology like VPNs, said the security research company.

Anthem didn’t immediately respond to a request for comment.


14 fascinating facts about Apple’s iPhone

Eight years since its debut, Apple’s iPhone has changed and conquered the smartphone market. Here are some interesting facts you might not know about the iPhone.

8 years of iPhone
Not only did the iPhone usher in the modern day smartphone era as we know it, it also helped propel Apple to un-imagined financial success. In the eight years since the iPhone first hit store shelves in 2007, we’ve seen an astounding level of technological innovation. Today, the number of things we can do with our smartphones is absolutely mind boggling. In light of the iPhone’s recent eight-year anniversary, we’ve compiled a number of interesting facts about the iPhone that most people may not be aware of. From secret details regarding the iPhone’s development to how many iPhones Apple has sold to-date, there should be something here of interest for everyone.

1. iphone ipad
Even though the iPad came out a few years after the iPhone, Apple was actually exploring a tablet device before the idea for an iPhone even began to take shape. As relayed by Steve Jobs himself during a 2010 All Things D interview, Jobs explained how he wanted Apple engineers to research various tablet designs with a virtual keyboard. When they came back to him with a device featuring multitouch functionality, Jobs thought that Apple could apply that technology to a phone. As Jobs told Walt Mossberg, Apple “put the tablet aside and we went to work on the phone.”

2. iphone verizon
Before the iPhone launch, Apple needed a partner. Naturally, Apple opted to approach Verizon first, it being the largest and arguably most highly regarded carrier in the U.S. Verizon, however, balked at Apple’s offer. Specifically, Verizon didn’t want to cede any control to Apple. Cingular (now AT&T), meanwhile, needed a big smartphone exclusive to remain competitive, so it was more than willing to agree to Apple’s typically stringent demands. As a quick example of Apple’s demands, Apple insisted that the iPhone would only house its own logo, not that of a carrier.

3. iphone 700 million
This past March, Apple CEO Tim Cook announced that Apple has sold over 700 million iPhones. While we haven’t yet heard an update to that figure, Apple’s earnings reports suggest that cumulative iPhone sales may fast be approaching 800 million. If we conservatively estimate that current iPhone sales fall in the 750 million range, that means Apple has been averaging approximately 7.8 million iPhones a month for eight years running now.

4. iphone money
It’s not even close. Apple’s iPhone is the company’s primary money maker and, in most quarters, the iconic smartphone accounts for nearly 70% of all of Apple’s revenue. Today, Apple has nearly $200 billion in the bank, an astounding fact that’s primarily attributable to consistently strong iPhone sales.

5. iphone time 941
If you pay close attention, you might have noticed that all iPhone advertisements show the device at a time set to 9:41. This is no coincidence. Former Apple executive Scott Forstall once explained, “We design the (product launch) keynotes so that the big reveal of the product happens around 40 minutes into the presentation. When the big image of the product appears on screen, we want the time shown to be close to the actual time on the audience’s watches. But we know we won’t hit 40 minutes exactly.” As a point of interest, the default display times on iPhones used to be 9:42.

6. iphone curved glass
Early in the iPhone’s hardware design process, Apple experimented with a variety of prototype designs. Notably, one design that Apple was particularly bullish on involved curved glass. Apple, however, ultimately abandoned this idea because the process of cutting the glass was too cost prohibitive at the time. The photo seen here is an actual curved glass iPhone prototype that was released during Apple and Samsung’s landmark 2012 trial.

7. samsung a8 processor
Despite a string of lawsuits between Samsung and Apple, the two companies remain important partners. Even though Apple has tried to lessen its reliance on Samsung in recent years, the bulk of the A-x processors that power Apple’s beloved devices come from Samsung.

8. iphone retina
While device teardowns don’t provide the true cost involved in putting a device together (they don’t factor in R&D, design, assembly costs, etc.), they do help us get a grasp on how much each individual component costs. To that end, teardowns of various iPhone models over the years have shown that the display is the iPhone’s most expensive component. On the iPhone 6, for instance, the display costs $45. On the larger-screened iPhone 6 Plus, the display costs $52. After the display, the most expensive components tend to be the wireless chips from Qualcomm.

9. original iphone
In creating the iPhone, Steve Jobs gave Scott Forstall free rein to assemble a team of his choosing. There was, however, just one rule — he couldn’t hire anyone from outside Apple. As a result, Forstall proceeded to handpick the best engineers at Apple no matter what division they were in. Interestingly enough, when pitching the project to prospective team members, Forstall couldn’t even tell them what it was about, only mentioning that it would require hard work and that they’d have to “give up nights” and work weekends for quite some time.

10. steve jobs iphone
When Steve Jobs famously demoed the original iPhone at Macworld 2007, the device was still very much in prototype form. Indeed, Apple engineers have subsequently said that they were pleasantly shocked that the entire demonstration went off without a hitch. From fixing Wi-Fi connectivity that would drop off randomly to a host of other usability problems, Apple engineers went into overdrive in between the iPhone’s introduction and its original debut in stores about five months later.

11. iphone loyalty
Without fail, studies on smartphone retention demonstrate that iPhone users are more likely to upgrade to another iPhone than Android users are likely to upgrade to another Android device. As a result, market share figures tend not to paint an accurate portrait of smartphone dynamics.

12. iphone cisco
Initially, Cisco owned the ‘iPhone’ trademark. That, though, didn’t stop Apple from calling its newfangled device the iPhone. After its January 2007 unveiling, Apple and Cisco eventually settled their dispute with both companies promising to collaborate together on products in the future. The fruits of that cooperation, if it ever even took place, have never been seen.

13. iphone plastic
Initially, the iPhone display was going to be made out of plastic. However, after testing the device in real-world situations, Steve Jobs noticed that his keys were constantly scratching up the display. As a result, Apple opted for glass.

14. cydia iphone
The meaning behind Cydia, the iPhone jailbreak software, is symbolic
As it turns out, Cydia, which is software used to jailbreak the iPhone, is named after an apple worm called cydia pomonella.


 


The cloud is complex, so Intel’s launched a sweeping project to fix it

The first step is a project with Rackspace to make OpenStack easier to deploy and manage

Intel has kicked off a broad effort to speed the adoption of the modern cloud infrastructure, which it says has been slow to take off because the software is complex and takes too long to deploy.

“Most people look at the market and say ‘The cloud is on fire’,” Jason Waxman, head of Intel’s cloud infrastructure group, told reporters Thursday. “We’re in a position to say, ‘You know what? It’s not moving fast enough.'”

To speed its growth, Intel has kicked off a multi-pronged effort, called the Cloud for All initiative, that includes hiring hundreds of additional engineers to work on open-source cloud software, setting up two massive compute clusters where companies can test and validate applications, and making further investments and acquisitions itself.

Its first move is a partnership with Rackspace to make the popular OpenStack cloud platform enterprise-ready and easier to use. Intel and Rackspace will hire hundreds of engineers at a development center near San Antonio, Texas, to work on OpenStack components such as its scheduling software, network capabilities and container services.

The goal is not to create “yet another OpenStack distribution,” Waxman said, but to improve “the overall health of the project.” The companies will also make OpenStack easier to scale.

“Today at best, the most successful OpenStack deployments scale to a few hundred nodes,” he said. “Our goal is to enable enterprise class features at scale for thousands of nodes.”

Within six months, Rackspace and Intel will provide developers with free access to two 1,000-node compute clusters where they can test their applications, and Rackspace will offer training programs around the software. Intel picked Rackspace to work with because it’s an original developer of OpenStack and runs one of the largest OpenStack public clouds.

The cloud is a fuzzy term but Intel is referring generally to an architecture in which applications are virtualized, or running in software containers, and can be set up and pulled down with high levels of automation.

The architecture is said to help IT departments cut costs and respond to business needs more quickly. But while large companies like Amazon and Google have turned it into a science, most businesses are struggling to get there.

The problem, as Intel sees it, is that choosing and deploying the software to build a cloud is too complex for most companies to handle. There’s an abundance of hypervisors, orchestration software and developer environments, and within those options there are further configuration choices to be made.

“That makes it hard to build a fully functional, reliable cloud stack. It takes a lot of expertise,” said Diane Bryant, the senior vice president in charge of Intel’s data center group.

Deployments take months to complete and customers end up with systems that are “like snowflakes,” she said — “unique and a bit fragile.”

The work with Rackspace is only the first step in the Cloud for All initiative, in which Intel will work with other partners to simplify and build out components for a “software defined infrastructure.”

Intel’s goal is to enable “tens of thousands” of new public and private clouds to be built, and to enable a typical enterprise to build a “full functioning, self service cloud portal” in a single day, Bryant said.

The initiative also includes further investments by Intel, and work with standards bodies and other stakeholders. Intel isn’t talking about those other investments and partnerships today, but Bryant said to expect “20 major announcements” from Intel over the coming year.



The Apple Watch disrupts, but is that enough?

For some it’s a must-have, but others may want to wait before committing

Disruptive technology doesn’t come along often, and is often initially dismissed because it’s easy to ignore something you’ve lived an entire life without. But every once in a while a bit of tech comes along that makes it easier to do what you’re already doing.

This is the Apple Watch.
I wasn’t always sold on the concept. Aside from issues related to appearance/style, functionality, personalization, fitness tracking, and useful interaction methods, my big concern was this: What real-world problem would an Apple watch solve? Knowing the obstacles was one thing; solving those problems was something else entirely. I was skeptical.

The engineers at Apple not only understood those issues but figured out solutions. By the time Apple execs finished unveiling their vision for the modern watch last September, I was ready to give the technology a shot. As someone who’s built a career around tech, I couldn’t remember the last time a watch of any type inspired an emotional reaction.

Much of my excitement stemmed from the new technologies, especially the Digital Crown and Force Touch, both of which work wonderfully in the real world.

Crowning achievement

With the Digital Crown, Apple engineers turned a feature already present in watches into a scroll wheel for selecting options and quickly sliding through list views. It’s used to access apps, very much like an iPhone’s Home Button, when pressed. Double-pressing it switches between the last-used app and the Clock app; holding the Crown down activates Siri; and when you use it to scroll to the end of a list, it even becomes harder to turn. (That last feature shows the obsessive level of detail that’s characteristic of Apple.)

Handing off scrolling and button-like functionality to the crown is so obvious — in retrospect — that it’s amazing no one came up with the idea beforehand. This is typical Apple.

With Force Touch, the Apple Watch’s Retina display can respond not only to touch and gestures, but can sense when additional force is applied to the screen. That extra pressure brings up additional options in supported apps: It can call up app settings, dismiss notifications, pause or end workouts, select audio and video sources in Remote, and customize Watch faces. The cleverness of Force Touch is that these actions would otherwise need their own onscreen icons, using up precious space in a device with limited screen real-estate.

Force Touch works so well in the real world that the technology has started spreading to other Apple products, like the latest MacBooks and MacBook Pro laptops. It’s only a matter of time before iPads and iPhones get this, too.

Uniting and adding to these new technologies is a tried-and-true method that underpins the success of the Watch: Siri. On the Watch, Siri is used for all sorts of voice commands, like setting timers, checking weather, launching apps — as well as for dictating messages. The Apple Watch relies on Siri for functions that would normally require a keyboard; without Siri, the Watch would fail.

These three technologies allow the Watch to stand above competitors’ offerings. Physically, though, the Watch has the distinction of actually looking like a Watch — and a nice watch at that. It’s not embarrassing to wear, regardless of the occasion. Watch Bands can be removed and swapped out easily and the number of Watch/band combos continues to rise.

Apple Watch makes technology as fashionable as possible, more so than any previous attempts in the category from anyone else. But, while it (debatably) looks great — especially for a wearable computer — the key to usability (and success) is software: the Watch operating system, apps and ecosystem.

Fitness and notifications

When I got my Apple Watch in April, I was looking for it to do two things: be a fitness accessory/advisor and a notification system for important alerts. However, I underestimated the importance of apps. There are well over 4,000 now available, with more coming. Currently, apps have flaws — many are still slow to load, and the display will often turn off before they load fully — but that should improve significantly with native app support, which is coming this fall with the Watch OS 2.0 update. That update promises faster app launches and developer access to features not available to them now, including the accelerometer and the heart rate monitor. There will also be support for non-Apple Complications, and Night Stand mode (which works wonderfully with my favorite stand from Nomad).

In 2007, when the first iPhone was released, I wrote about a digital future where data is at your fingertips. That future is now; we’re living the mobile dream, with devices like the iPhone designed with portability and instant access to all sorts of information. That also means a world in which our devices never shut up. In practical use, this is one of the areas where the Watch truly shines: filtering digital noise.

The Watch is clearly the type of product that grows on you. I’m still using my iPhone; the Watch hasn’t made it obsolete, especially because it relies on the phone for so much backend work. But when I pull the iPhone out, it’s for different reasons now. I can quickly respond to texts, control music, check my calendar for upcoming events, track packages, check on the order status of Apple Store purchases, and get directions via the Watch without getting sucked into other apps — which happens when I pick up the iPhone.

This is a big deal for me. The iPhone, with all it can do, is a gigantic time-suck, and it’s easy to fall into the trap. The Watch is designed for short bursts of interactions, without the distractions inherent to a device that does just about everything.

Fitness tracking is still a huge deal for me, but as someone who uses the Watch to track running, basketball, and especially weight lifting, I’m not very impressed. While the Watch has excellent heart rate monitoring sensors, they only work well if you’re using it to track an activity in which your arms wave about. In those cases, the Watch is spot on.

Weightlifters need not apply

Tracking activities like lifting weights or pushups is another matter, and here is where the Watch falls on its proverbial face. If you’re an active weight-lifter and are in the market for a fitness tracker, this isn’t it. When lifting weights, the heart monitoring is the worst feature of the Watch. It’s supposed to monitor your heart rate every 10 minutes in normal mode, and every 10 seconds during a workout. But when Apple released the 1.0.1 update, it changed that behavior so that if the Watch senses movement in normal mode, it skips the heart rate reading. This is absurd. The opposite should occur: if the Watch senses sustained, increased movement, the correct response is to instantly check pulse rate to gauge exertion levels. (The inaccurate readings while lifting weights are a known issue and are supposed to be resolved with a future software update, but who knows when.)


What isn’t disappointing, though, is that the Watch is more waterproof than I thought. I’ve used the Watch in showers, hot tubs, and while swimming. I didn’t dive beyond 15 feet, but I wore it while playing basketball in a pool, and I was in the water for hours. Do I recommend getting it wet? Not really, and neither does Apple. But you can. (The Watch is rated to survive 30 minutes at one meter’s depth.)

The technology in the Apple Watch will, of course, improve with each successive software update (and each new generation of the Watch itself). Even so, the Watch already marks the first time technology as fashion has sold in large numbers. When I wrote my first iPhone review, I said that breakthrough products like this really leave an imprint in time, in which we can literally see the pivot point: before and after. Even though I’m disappointed in tracking an activity like lifting weights, the Watch is that kind of product.

The more people purchase and use the Watch, the more attention the device will get from third-party developers and service providers. There will come a point when the number of wearers will be hard to ignore, forcing businesses and third parties to support the services those wearers expect, especially something like Apple Pay.

But is that today?

So, should you get one?

I’m in an interesting position regarding whether I recommend the Watch. At this point, you likely know whether or not you want a Watch. Apple has already sold more of them in a few weeks than all of the competition sold in years, and I’m clearly a fan (as are other Watch owners I know). But it’s still too soon to know whether the functions and fashion it offers — or will offer in future iterations — will be enough to lure the hordes of new users that follow early adopters.

Two years ago I figured if an Apple Watch were ever released, it would be because Apple leaders were confident of its impact. I said then that I’d have to see it to believe it.

Well, I’ve seen it, I’ve used it, and I’m a believer: Despite the first-generation problems, you can have my Watch after you pry it from my cold, dead wrist.



How to deploy tablets to your mobile workforce

Wakefield Canada needed a new tablet PC for use in the field. Who better to ask than the very folks who’d have to use the mobile devices? Here’s what they chose and why.

When Wakefield Canada, the exclusive distributor for Castrol in Canada, set out to replace the tablets used by their sales team, it went right to the source to figure out what to buy: The people who would be using them in the field.

“A big part of this was really involving our end users in the tool selection,” says Kent Mills, Wakefield Canada CTO.

The company landed on the Microsoft Surface Pro 3. Here’s why – and how they made an easy transition.
Target the real customer

Even though the tablets would be used for sales purposes, the real customer here was the salespeople who would be using the devices. The first question IT asked was what they didn’t like about the devices they were already using.

“Feedback from the salesforce was that tablets were nice but they were too slow to start up, heavy to lug around and they just weren’t feeling like they were that convenient to use,” says Mills.

IT chose several potential candidates as replacements, including options from HP, Samsung, Microsoft and Apple.

Then, in conjunction with the salesforce, IT created a matrix of what they wanted in a device, including communication, design, display, integration, performance, peripherals, support and security.

Then the company’s top five sales representatives were each given a tablet. After a week, they rotated tablets to the next salesperson until each one had used all five device candidates, and scored how they did in each category.

“It wasn’t even close. Microsoft was unanimous by a very hefty margin,” says Mills. He admits that the Surface Pro 3 wouldn’t have been his first choice, but he’s not the one who had to use the tablet. After completing the matrix, it was clear that the salesforce was choosing the best tool for them.

“It’s not about me. I’m not the guy using it at the end of the day,” he says.
Laptop and tablet combined

“It’s a fine machine for an on-the-road laptop,” says Dan Bricklin, CTO of Alpha Software, a mobile enterprise app development company. “It can act very well as a laptop but it can also be used as a tablet in a sales environment.”

That can be key in sales, he says, because tablets are inherently social. “A laptop sits between you and another person. If you’re in a sales situation, you can turn it around but you can’t really share it. A tablet you can place down on the desk and two people who either sit across from each other or next to each other can easily share it,” he says. “It works like brochure marketing material. It’s wonderful for a sales environment, presentation type of thing.”

Wakefield Canada works on all types of tablets, including iPads. He says they’re powerful machines and can be perfect for people who have to stand up a lot in their work environment, like inspectors and health services employees. There, weight is a big factor, and something slim like an iPad Air might be a better choice (it weighs just under a pound versus the 1.76 pounds of the Surface Pro 3).

But for salespeople, a tablet with more laptop-like functionality may be more appropriate, as it has been for Wakefield Canada. For the record, Bricklin talked to CIO.com while using his own Surface Pro 3.

An additional benefit of the Surface Pro 3 is that, for people who travel, it can replace a laptop and still be used with a docking station in the office or at home. Wakefield Canada has arranged for the Surface Pro 3s to be tethered to smartphones, which means the tablets can always be connected, no matter where the salesperson is.
Sell the change

Even though Wakefield Canada’s top sales reps chose the Surface Pro 3, the company still had to get the rest of the sales team – about 50 people in total – on board with the decision.

Before its national meeting, where employees would be getting their new Surface Pro 3s, IT sent out teaser videos. Some included a quiz, and the first three employees to send back correct responses got a coffee gift card. “By the time they got here, they’d seen all the videos and they were jazzed about it,” says Mills.

In the meeting, they added what Mills calls “a little sizzle” to the introduction of the new machines. They themed the transition as “the best of both worlds because you can easily break it apart,” he says, referring to how the Surface Pro 3 can snap away from its stand. The presentation also included breaks like “retro treats” and a “Surface Showdown” based on the “Showcase Showdown” portion of the television game show “Family Feud.” They also had support on hand to help users with any questions they may have had during the transition.

And then they had a little luck. Wakefield Canada made their transition in February, right around the time of Super Bowl XLIX, where Surface Pro 3s were on commentator desks and in the hands of Seattle Seahawks coach Pete Carroll (Microsoft co-founder Paul Allen owns the Seahawks, and the team is obviously based in the Redmond, Wash. company’s backyard).

“It’s worked out really well,” says Mills.



5 facets of the coming Internet of Things boom

A McKinsey study attempts to quantify the economic impact of IoT

Predictions that the Internet of Things (IoT) will usher in a new era of prosperity get some backing in a new study by consulting firm McKinsey & Company.

The study estimates that the annual value of IoT applications may be equivalent — in the best case — to about 11% of the world’s economy in 2025. That’s based on a number of assumptions, including the willingness of governments and vendors to enable interoperability through policies and technologies.

IoT is expected to deliver improvements to the reliability of machines, as well as to individual health and life overall. But it may also be intrusive on privacy, and while the IoT will create new jobs, it will cost some as well.

Here are five major points from this report:
Business IoT applications, not consumer uses, will create more business value, according to McKinsey. No surprise here. Consumer applications such as connected toasters, coffee pots and home entertainment systems offer little in terms of real value — but they do get attention. Enterprise IoT is being used to predict and avoid failures in high-value machinery, such as locomotives and magnetic resonance imaging (MRI) devices. It also allows businesses to switch from scheduled maintenance programs to condition-based maintenance, where service is performed as needed, not based on a calendar. This increases equipment reliability and efficient deployment of personnel.

A major share of the IoT’s financial gains are through avoided cost. For instance, doctors can use IoT to monitor a patient’s health. If the person is a diabetic, careful monitoring may prevent hospitalizations. This includes the use not only of wearables but of devices that can be implanted, injected and ingested.
Virtual reality is part of IoT. Virtual reality goggles will observe and guide you step-by-step through an installation process at home and work. This capability will likely arrive first on factory floors and equipment repair shops, but eventually it’ll be available at home.

McKinsey estimates IoT’s potential economic impact at between $3.9 trillion and $11.1 trillion globally per year by 2025. But interoperability accounts for about 40% of this potential value. Equipment makers now collect performance data from their own machines, but interoperability with other systems will give an integrated view and improve predictive analysis in environments that use multiple systems. In a municipal setting, for instance, interoperability means that video, cell phone data and vehicle sensors could be used to monitor and optimize traffic flow.

The efficiency gains delivered by IoT will deliver a mixed bag of benefits for human workers. Better equipment monitoring and ubiquitous deployment of sensors may reduce injuries. It could also help eliminate some travel for employees who have to go to remote sites. But McKinsey warns, “some IoT applications in worksite environments substantially reduce the number of employees needed.”



Tech salaries from industry verticals

In today’s digital world, technology has become a part of everything we do. It touches all parts of today’s marketplace, so it’s not surprising that the tech job market continues to pick up steam. In fact, according to a recent report from staffing firm Modis, demand in the technology job market is expected to grow 18 percent by the year 2022.

Ever wondered if the grass is really greener in another industry? Technology professionals are needed in virtually every business, which opens a world of possibilities to those looking to build a career. But which industry vertical is the right one for you? We can’t answer that, but we can tell you which ones offer the best compensation.

Recently Computerworld and IDG Enterprise conducted their 29th annual salary survey. More than 4,800 IT professionals were surveyed to better understand the needs and wants of tech professionals and IT pros, ongoing trends in the workplace and, of course, salary information across a host of industry verticals. What they found was that compensation for tech jobs increased 3.6 percent over the last year. But how does that pan out across the different industries like manufacturing, education, government, healthcare and others?

Government tech salaries
All IT salaries are not created equal: each industry has its own average salary for any given technology job. The first stop on our list is the U.S. Government. Coming in at number 5 are tech workers in the government sector. On average, workers here make considerably less than in, say, the manufacturing industry. However, the business of the people never stops, which may make some feel more secure.

Education tech salaries
Colleges have radically changed how classes are delivered and taught. Today’s technology allows students to get a degree from anywhere they can connect to the Internet, bringing education to more people than ever before. Most universities now offer online courses, and along with that growth come new opportunities for tech job growth.

IT computer-related services and consulting tech salaries
The IT computer-related services and consulting industry comes in surprisingly at number 5 on the list of highest paid tech salaries. According to Computerworld’s Salary Survey data, on average, the vice president of IT is the highest paid tech worker in this industry making just over $151,000 annually.

Healthcare tech salaries
Technology adds its own challenge to each industry, but healthcare IT seems to be facing a myriad of major challenges, many heavily anchored in technology, such as telemedicine, ICD-10 implementation and HIPAA/privacy issues. Challenges like these are creating shortages of healthcare IT workers, which in turn creates opportunities for those steeped in healthcare with a passion for technology.

Legal/Insurance/Real Estate tech salaries
Who of us hasn’t looked for an apartment or shopped for insurance online? The proliferation of apps and websites to support the real estate industry is just one demonstration of how much this industry has evolved into a digital marketplace. The highest average salary here comes in at number three on our list where the CIO averages nearly $192,000.

Manufacturing tech salaries
According to Computerworld’s salary survey data, 49 percent of the tech workers who responded said compensation was the most important factor to them when it comes to job satisfaction and very few industries boast salaries higher than in the manufacturing industry, which tops the list of highest-paid tech salaries.

In this regularly evolving part of the marketplace, CIOs average more than $192,000. That’s not surprising when you think of all the organizations trying to better use technology to innovate and shorten time to market.


Breach detection: Five fatal flaws and how to avoid them

Even in advanced shops, perimeter-based defense practices still linger, practices based on flawed thinking

IT Security today is not about defending a (non-existent) perimeter, but about protecting the organization’s attack surface, which has changed dramatically due to the cloud, mobility, BYOD, and other advances in corporate computing that have caused fundamental shifts in network architecture and operations.

Practically speaking, it means you need to monitor what is occurring inside the firewall just as much as (if not more than) what is outside trying to make its way in. Think of it as a post-breach mindset based on a “1,000 points of light” model as opposed to a “moat and castle” model of defense.

In theory it’s evolutionary, but given the accelerated pace at which security organizations have matured, it is not necessarily an easy transition to make. Not only has the threat landscape changed, but there has been constant flux in the leadership, skills, tools and budget required.

As a result, even in advanced shops, perimeter-based defense practices still linger: practices based on flawed thinking or misconceptions, which, if left unchecked, hinder fast detection and response. Here are some of the ones we see the most:

* Fixation on penetration prevention. Solution: Shift to an “Already compromised” mindset. With APTs more prominent than ever, it’s no longer about if you get breached, but when. You should evolve your security defense accordingly. Instead of focusing on preventing penetration, focus on the adversarial activity that is going on within your network. The good news is you have an advantage; the majority of damage is usually done several months after penetration. Hackers tend to deploy ‘low and slow’ techniques and perform minimal actions per day in order to evade detection, better understand the organization and craft a foolproof roadmap to reach their true target.

* Accepting simple explanations. Solution: Always dig deeper. Security events are not caused by error or accident. Every piece of evidence should be over-analyzed and malicious intent must always be considered. Because your security teams cannot know all adversarial activities, in a sense they are at a disadvantage; therefore, it is crucial for the teams to over-investigate what they can see in order to reveal other unknown and undetected connecting elements. Security teams must always assume they only see half the picture, working diligently to uncover the rest of the pieces of the puzzle.

* Striving for fast remediation. Solution: Leverage the known. Instead of remediating isolated incidents as fast as possible, the security team should closely monitor the known to understand how it connects to other elements within the environment and strive to reveal the unknown. For example, an unknown malicious process can be revealed if it is connecting to the same IP address as a detected known malicious process. Moreover, when you reveal to the hackers which of their tools are easy to detect, hackers can purposely deploy, in excess, the known tools to distract and waste the defender’s time.

* Focusing on malware. Solution: Focus on the entire attack. Although detecting malware is important, solutions that mainly focus on detecting isolated activity on individual endpoints are unable to properly combat complex hacking operations. Instead, employ a more holistic defense. Leverage automation – analytics and threat intelligence in particular – in order to gain context on the entire malicious operation, as opposed to just the code. Keep in mind that your adversary is a person and malware is one of their most powerful tools, but one of many in their tool kits.

* Letting false alerts get the best of you. Solution: Automate investigation. Because many security solutions produce a large amount of sporadic alerts (many false) with little context, security teams spend endless hours manually investigating and validating alerts produced by their solutions. This lengthy process significantly delays security teams in addressing the real question – is there a cyber-attack underway? Here’s another case where the proper use of automation can dramatically increase productivity as well as detection and response times, which results in less costly and damaging attacks. If there are budgetary constraints that prevent the proper use of automation to aid you in this process, quantify the value of the investment you are asking the company to make.
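
The pivot described under “Leverage the known” above (finding an unknown process because it talks to the same IP address as a known malicious one), as an added example that is not from the original article. The connection records, host names and placeholder hashes are constructed, the addresses come from the RFC 5737 documentation ranges, and the `max_hosts` prevalence cutoff is an assumption added here so that destinations most of the fleet contacts do not flood the results.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Conn:
    host: str
    process: str
    file_hash: str  # placeholder label, not a real hash
    dest_ip: str


# Constructed sample telemetry (hypothetical hosts, RFC 5737 addresses).
CONNECTIONS = [
    Conn("ws-014", "updater.exe", "HASH_KNOWN_BAD_1", "203.0.113.45"),
    Conn("ws-014", "chrome.exe", "HASH_BROWSER", "198.51.100.10"),
    Conn("ws-022", "svcmon.exe", "HASH_UNKNOWN_A", "203.0.113.45"),
    Conn("ws-022", "chrome.exe", "HASH_BROWSER", "198.51.100.10"),
    Conn("srv-003", "backup.exe", "HASH_BACKUP", "192.0.2.77"),
    Conn("srv-003", "taskhlp.exe", "HASH_UNKNOWN_B", "203.0.113.45"),
    # The known-bad binary also touches a destination the whole fleet uses.
    Conn("ws-031", "updater.exe", "HASH_KNOWN_BAD_1", "198.51.100.10"),
    Conn("ws-031", "chrome.exe", "HASH_BROWSER", "198.51.100.10"),
    Conn("ws-040", "chrome.exe", "HASH_BROWSER", "198.51.100.10"),
    Conn("ws-050", "chrome.exe", "HASH_BROWSER", "198.51.100.10"),
]
KNOWN_BAD_HASHES = {"HASH_KNOWN_BAD_1"}


def pivot_on_known_bad(conns, known_bad, max_hosts=3):
    """Return processes that share a destination with a known-bad process.

    Destinations contacted by more than `max_hosts` distinct hosts are
    treated as shared infrastructure and reported separately instead of
    being used as pivots.
    """
    hosts_per_ip = defaultdict(set)
    for c in conns:
        hosts_per_ip[c.dest_ip].add(c.host)

    # Every destination a known-bad process has talked to is a candidate.
    seed_ips = {c.dest_ip for c in conns if c.file_hash in known_bad}
    pivot_ips = {ip for ip in seed_ips if len(hosts_per_ip[ip]) <= max_hosts}

    # Anything else talking to a pivot IP is a lead for the analyst.
    leads = defaultdict(set)
    for c in conns:
        if c.dest_ip in pivot_ips and c.file_hash not in known_bad:
            leads[(c.host, c.process, c.file_hash)].add(c.dest_ip)

    return {
        "pivot_ips": sorted(pivot_ips),
        "skipped_common_ips": sorted(seed_ips - pivot_ips),
        "leads": {k: sorted(v) for k, v in sorted(leads.items())},
    }


if __name__ == "__main__":
    result = pivot_on_known_bad(CONNECTIONS, KNOWN_BAD_HASHES)
    print("pivot IPs:", result["pivot_ips"])
    print("skipped (too common):", result["skipped_common_ips"])
    for (host, process, file_hash), ips in result["leads"].items():
        print(f"lead: {host} {process} {file_hash} -> {ips}")
```

Raising `max_hosts` above the fleet-wide prevalence of the common destination turns every browser on every host into a lead, which is the alert flood the last item in the list describes.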

Like many aspects of IT, breach detection is part art, part science. However, what distinguishes a good analyst from a great one is how they think. Avoiding these misconceptions enables security teams to approach breach detection much more strategically and make better use of the resources at their disposal.


Attacking IT security firm was ‘silly thing to do,’ says Kaspersky

It takes a lot of guts for Kaspersky Lab to come forward and admit it was a victim of a hack. Eugene Kaspersky said the “sophisticated, very well-planned attack on our networks, most probably carried out by a government-backed group” was a “silly thing to do.”

So the elevation of privilege patch MS15-061 that Microsoft issued yesterday and labeled as “important” should perhaps be considered “critical” since it was exploited as a zero-day by Duqu 2.0 attackers. Kaspersky Lab reported it to Microsoft and waited for the patch to be released before explaining how it was used against the company.

It takes a lot of guts for Kaspersky to come forward and admit it was a victim of a hack, but it also takes plenty of nerve to disclose nation-state attacks like Duqu, Flame and Gauss, since Duqu attackers link back to Stuxnet. Those same attackers came after Kaspersky with Duqu 2.0.

Eugene Kaspersky said the “sophisticated, very well-planned attack on our networks, most probably carried out by a government-backed group” was a “silly thing to do.” He wrote:

The malware used for this attack is extremely innovative and advanced. For example, it resides in the RAM – the short-term memory of the computer – and tries very hard to avoid making any changes to the hard drive. Its “persistence mechanism” (or rather, its absence) is quite brilliant. Some very serious thinking went into it, and a great many man-hours of some very bright – criminal – minds were spent developing it, meaning millions of dollars were spent on it, too. It’s also likely that the attackers believed it was impossible to detect. Now, I’ve always taken a lot of pride in our people and our technologies, but that pride’s been given a major boost by this news. For it proves one thing: attacking us leads to just one outcome: you get caught – no matter how clever you are. And besides, our initial investigation shows that their catch was not all that impressive.

Although the attackers managed to get access to data related to Kaspersky Lab’s “R&D and new technologies” – and maybe that was what the spies were after – it didn’t disrupt operations, and the Duqu 2.0 attack didn’t put Kaspersky’s customers and partners at risk, Kaspersky said.

But the bad guy spies were also after finding out about Kaspersky’s investigations, detection methods and analysis capabilities. “Since we’re well known for successfully fighting sophisticated threats, they sought this information to try stay under our radar. No chance,” Kaspersky wrote on the Kaspersky Lab blog. And if spying on their capabilities was what the attackers were after, it’s “accessible under licensing agreements (at least some of them)!”

The malware is impressively scary, although the Kaspersky Lab blog said to the attackers, “People living in glass houses shouldn’t throw stones.”

Governments attacking IT security companies is simply outrageous. We’re supposed to be on the same side as responsible nations, sharing the common goal of a safe and secure cyberworld. We share our knowledge to fight cybercrime and help investigations become more effective. There are many things we do together to make this cyberworld a better place. But now we see some members of this ‘community’ paying no respect to laws, professional ethics or common sense.

To me, it’s another clear signal we need globally-accepted rules of the game to curb digital espionage and prevent cyberwarfare. If various murky groups – often government-linked – treat the Internet as a Wild West with no rules and run amok with impunity, it will put the sustainable global progress of information technologies at serious risk. So I’m once again calling on all responsible governments to come together and agree on such rules, and to fight against cybercrime and malware, not sponsor and promote it.

“By targeting Kaspersky Lab, the Duqu attackers have probably taken a huge bet hoping they’d remain undiscovered; and lost,” concludes the Duqu 2.0 (pdf) technical paper. “For a security company, one of the most difficult things is to admit falling victim to a malware attack. At Kaspersky Lab, we strongly believe in transparency, which is why we are publishing the information herein.”

Securelist advised “to check your network for Duqu’s 2.0 presence” as it lists several indicators of compromise, or you can use the open IOC file. Articles detailing Duqu 2.0 are popping up all over the place, but I highly recommend reading the technical paper for yourself. Other Duqu 2.0 victims included a certificate authority in Hungary, companies in the Industrial Control System sector, industrial computers and P5+1 events and venues related to negotiating with Iran over its nuclear program.

Additionally, Symantec discovered Duqu 2.0 attackers have no shortage of targets, having gone after “a European telecoms operator, a North African telecoms operator, and a South East Asian electronic equipment manufacturer. Infections were also found on computers located in the US, UK, Sweden, India, and Hong Kong.”

“Duqu 2.0 is a fully featured information-stealing tool that is designed to maintain a long term, low profile presence on the target’s network,” Symantec said. “Its creators have likely used it as one of their main tools in multiple intelligence gathering campaigns.”

Yeah, so about that patch Microsoft rated as “important” … you might get on that right away and think of it more along the lines of critical. Don’t be surprised the patch only ranked as “important” to Microsoft; after all, the company only successfully patched Stuxnet in March 2015. Yes, Microsoft did release a patch for Stuxnet in 2010, but as HP’s Zero Day Initiative said, “The patch failed. And for more than four years, all Windows systems have been vulnerable to exactly the same attack that Stuxnet used for initial deployment.”

